[cas-user] Call to /proxyValidate can't validate proxy ticket because Cas20WithoutProxyingValidationSpecification is used

[Christian Koehn]

Hi,

I am using CAS 5.2.2 and have an issue to validate a PT.

The entries in the logs are:

2018-03-14 16:44:27,253 WARN 
[org.apereo.cas.validation.AbstractCasProtocolValidationSpecification] - 
<[Cas20WithoutProxyingValidationSpecification] is not internally satisfied 
by the produced assertion>
2018-03-14 16:44:27,254 WARN 
[org.apereo.cas.web.AbstractServiceValidateController] - <Service ticket 
[PT-2-M6hl8hYF6pihmXvcVWbzKPAlyYM7IpS-C9fHzXIePnJ4e5Eo9gnf1cXHHPqYrrE3DpAgdSJjy-8t-144Up-uLV71AUZwlArLwInFee8P3mFpi5eE3T5UEaVP3LVAl1WyLGrsNTXiUFxK4WJdXqSgc3tCG2jZiVPL-d3b1dff9cf2f]
 
does not satisfy validation specification.>

My service definitions are:

For the Main service that needs to act as proxy
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "https://mainapp.mydomain.com/bin/view";,
  "name" : "CKOE wiki",
  "id" : 2,
  "description" : "Only ckoe wiki auth with proxy",
  "evaluationOrder" : 2,
  "proxyPolicy" : {
    "@class" : 
"org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
    "pattern" : "^https?://.*"
  },
  "usernameAttributeProvider" : {
        "@class" : 
"org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
        "usernameAttribute" : "uid"
  },
  "attributeReleasePolicy" : {
    "@class" : 
"org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "authorizedToReleaseProxyGrantingTicket" : true
  },
"publicKey" : {
    "@class" : "org.apereo.cas.services.RegisteredServicePublicKeyImpl",
    "location" : "/etc/cas/ckoewiki",
    "algorithm" : "RSA"
  }



The service that needs to be accessed by the main service:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "https://otherapp.mydomain.com";,
  "name" : "Test DMS",
  "id" : 3,
  "description" : "Blah blah blah Test ",
  "evaluationOrder" : 3,
  "proxyPolicy" : {
    "@class" : 
"org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
    "pattern" : "^https?://.*"
  },
  "usernameAttributeProvider" : {
        "@class" : 
"org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
        "usernameAttribute" : "uid"
  }
}
}


As said in the title, the service trying to validate the PT is calling the 
/proxyValidate endpoint... but without success.
Any hints where to look at?

Thanks,
Christian

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7e3fc26f-c3c6-414b-a6ac-74afdfd18328%40apereo.org.